Zoom and Xerox patch critical security flaws in Zoom's Windows clients and in FreeFlow Core that allow privilege escalation and remote code execution.
The vulnerability affecting Zoom's Windows clients is tracked as CVE-2025-49457 (CVSS score: 9.6) and stems from an untrusted search path condition that could pave the way for privilege escalation.
"Untrusted search paths for certain Windows Zoom clients may allow unauthorized users to escalate privileges via network access," Zoom said in a security bulletin Tuesday.
The issue, reported by the company's own offensive security team, affects the following products:
- Zoom Workplace for Windows before version 6.3.10
- Zoom Workplace VDI for Windows before version 6.3.10 (except 6.1.16 and 6.2.12)
- Zoom Rooms for Windows before version 6.3.10
- Zoom Rooms Controller for Windows before version 6.3.10
- Zoom Meeting SDK for Windows before version 6.3.10
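For fleet triage, the list above can be turned into a small check that flags hosts still running a vulnerable build. The following is an added example, not code from Zoom or from the article; the product names are taken from the list above, and it assumes that only the two VDI builds named as exceptions (6.1.16 and 6.2.12) are exempt, and that version strings are dotted integers (a fourth build component, if present, is ignored). The inventory at the bottom is constructed sample data.

```python
from typing import Dict, List, Tuple

# Fixed version from the Zoom bulletin: everything below this is affected.
FIXED_VERSION: Tuple[int, int, int] = (6, 3, 10)

# VDI builds the bulletin lists as already carrying the fix.
# Assumption: only these exact three-component versions are exempt.
VDI_PRODUCT = "Zoom Workplace VDI for Windows"
VDI_EXEMPT = {(6, 1, 16), (6, 2, 12)}

# Windows products named in the bulletin as affected by CVE-2025-49457.
AFFECTED_PRODUCTS = {
    "Zoom Workplace for Windows",
    VDI_PRODUCT,
    "Zoom Rooms for Windows",
    "Zoom Rooms Controller for Windows",
    "Zoom Meeting SDK for Windows",
}


def parse_version(version: str) -> Tuple[int, int, int]:
    """Turn '6.3.9' or '6.3.9.1234' into a comparable (major, minor, patch) tuple.

    Missing components are treated as 0; a fourth component (build) is ignored
    because the bulletin only specifies three-part version thresholds.
    """
    parts = version.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version string: {version!r}")
    nums = [int(p) for p in parts[:3]]
    while len(nums) < 3:
        nums.append(0)
    return nums[0], nums[1], nums[2]


def is_affected(product: str, version: str) -> bool:
    """Return True if this product/version combination is vulnerable to CVE-2025-49457."""
    if product not in AFFECTED_PRODUCTS:
        return False  # non-Windows or unlisted products are out of scope here
    ver = parse_version(version)
    if ver >= FIXED_VERSION:
        return False  # already at or above the fixed release
    if product == VDI_PRODUCT and ver in VDI_EXEMPT:
        return False  # backported VDI fix per the bulletin
    return True


def triage(inventory: List[Dict[str, str]]) -> List[str]:
    """Return the hostnames from an inventory that still need patching."""
    return [
        entry["host"]
        for entry in inventory
        if is_affected(entry["product"], entry["version"])
    ]


# Constructed sample inventory (not real hosts).
SAMPLE_INVENTORY = [
    {"host": "ws-01", "product": "Zoom Workplace for Windows", "version": "6.3.9"},
    {"host": "ws-02", "product": "Zoom Workplace for Windows", "version": "6.3.10.1234"},
    {"host": "vdi-01", "product": "Zoom Workplace VDI for Windows", "version": "6.2.12"},
    {"host": "vdi-02", "product": "Zoom Workplace VDI for Windows", "version": "6.2.11"},
    {"host": "room-01", "product": "Zoom Rooms for Windows", "version": "6.1.5"},
    {"host": "mac-01", "product": "Zoom Workplace for macOS", "version": "6.0.0"},
]

if __name__ == "__main__":
    for host in triage(SAMPLE_INVENTORY):
        print(f"{host}: update required for CVE-2025-49457")
```

Note that the same version string can be safe on one product and vulnerable on another: 6.2.12 is exempt only for the VDI client, so the check must key on product as well as version.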
The disclosure comes as multiple vulnerabilities have been disclosed in Xerox FreeFlow Core, the most serious of which could lead to remote code execution. The issues, addressed in version 8.0.4, are:
- CVE-2025-8355 (CVSS score: 7.5) – XML External Entity (XXE) injection vulnerability leading to Server-Side Request Forgery (SSRF)
- CVE-2025-8356 (CVSS score: 9.8) – Path traversal vulnerability leading to remote code execution
"These vulnerabilities are trivial to exploit, and if exploited, could allow an attacker to execute arbitrary commands on the affected system, steal sensitive data, or pivot to try to move laterally within a given corporate environment.